Session expiring on manager after adding cache control headers

Hello everyone.

By default PHP had a setting to set the default headers:
session.cache_limiter = nocache

This will set a header as:
Cache-control: no-store, no-cache, must-revalidate

I don’t want that one so I added my own headers on the .htaccess

<IfModule mod_headers.c>
    Header set Connection keep-alive
    <filesmatch "\.(ico|flv|gif|swf|eot|woff|otf|ttf|svg)$">
        Header set Cache-Control "max-age=2592000, public"
    <filesmatch "\.(jpg|jpeg|png)$">
        Header set Cache-Control "max-age=2592000, public"
    # css and js should use private for proxy caching
    <filesmatch "\.(css)$">
        Header set Cache-Control "max-age=2592000, private"
    <filesmatch "\.(js)$">
        Header set Cache-Control "max-age=2592000, private"
    <filesMatch "\.(x?html?|php)$">
        Header set Cache-Control "max-age=3600, s-maxage=3600, private, must-revalidate, proxy-revalidate"

The first problem I get is that now the Cache-control header is duplicated:

Cache-Control: max-age=3600, s-maxage=3600, private, must-revalidate, proxy-revalidate
Cache-Control: no-store, no-cache, must-revalidate

So I delete the no-cache header using a .user.ini file and leaving this setting empty:
session.cache_limiter =

Job done and I only can see the header I need and the no-cache header disappeared BUT now the manager area is behaving very weird and it’s logging me out constantly saying my session expired.

I tried this setting based on some advices online:
session.auto_start = 1

but that didn’t help, any ideas please?
Thank you very much for your help! :+1:

Any one that had an idea about this please?

What are you exactly trying to achieve? Per documentation, setting the cache_limiter to empty or null will turn off automatic sending of cache headers entirely, and having no cache definitions will definitely mess with MODX session management, also changing the default ‘0’ parameter for session.auto_start will not directly affect MODX session, and probably won’t make the browser use the actual session id’s sent by the server

Setting the session.cache_limiter value to public or private gets the same result as leaving it empty. that means the manager gets stupid.

The only difference is if it’s empty will not display the duplicated Cache-control on headers.

I only want to get rid of the duplicated Cache-control on and apply my own cache control values.

Thanks @camicase82

Maybe instead of using a user.ini file, you could try to set the cache_limiter to empty in a MODX plugin using the PHP function session_cache_limiter. Make sure to set it as early as possible and not for requests to the manager.

Or maybe it works, if you create a second user.ini file in the subfolder /manager where you set the cache limiter to the default → session.cache_limiter = nocache.

1 Like

Taking a second look at your config, seems like you want to change the cache policy for specific files. I’ll say to leave the PHP files cache untouched, since its the way MODX works, and only work on the other files, also not sure about the syntaxis for the regex of your file match, this site can be useful to see what’s actually being cached

@halftrainedharry and @camicase82 Thanks for your help.
At the end the best option was set the headers using a plugin, here the solution in case somebody need it:

I leave the session.cache_limiter as it was by defeult so that is the cache-control value for the manager area:

session.cache_limiter = nocache

I created a plugin with a system event:


and using the PHP function header() I set all the heders I needed:

header("Cache-Control: max-age=3600, s-maxage=3600, private, must-revalidate, proxy-revalidate");

Now the Headers in the front end and the manager are different and they are not affecting anything regarding manager behavior.

Problem solved, thank you very much! :+1: